
Metadata Attacker is Exploitation Tool that can inject generate image (.jpg), audio (.mp3) or video (.mp4) file containing your custom Metadata or a set of cross-site scripting vectors to exploit any web service against XSS vulnabilities when displaying your files with unfiltered Metadata. This tool will create image, audio or video with malicious script. This method will able to exploit a vulnerable website with just uploading image, audio or video files.
Metadata-Attacker
With this small suite of open source pentesting tools you’re able to create an image (.jpg), audio (.mp3) or video (.mp4) file containing your custom metadata or a set of cross-site scripting vectors to test any webservice against possible XSS vulnerabilities when displaying unfiltered meta data.
Installation / Usage
First install docker on your host system.
Now you can simply run the following command :
When finished open your favorite browser and switch to the docker ip or http://localhost
Credits
- Image-Attacker developed by @mniemietz
- Audio-Attacker developed by @derctwr
- Video-Attacker, project merging and docker containers by @Lednerb